package com.wxtl.util;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Session验证filter
 */
public class SessionFilter implements Filter ,UPProtocol{
	
	public void destroy() {

	}

	public void doFilter(ServletRequest request, ServletResponse response,
			FilterChain chain) throws IOException, ServletException {
		HttpServletRequest httpRequest=(HttpServletRequest) request;
		HttpServletResponse httpResponse=(HttpServletResponse) response;
		String url = httpRequest.getRequestURI();
		
//		if(url.contains("/ws/queryPackList.action") || url.contains("/ws/queryPackDetail.action") 
//				|| url.contains("/ws/register.action") || url.contains("/ws/downPack.action")
//				|| url.contains("/ws/index.jsp") || url.contains("/ws/downPack.jsp")
//				|| url.contains("/ws/queryPackList.jsp") || url.contains("/ws/queryPackDetail.jsp")){
//			chain.doFilter(httpRequest, response);
//			return;
//		}
		/*
		 * 如果是控制台访问，则直接放行
		 */
		if(httpRequest.getHeader(REQUEST_HEADER_UAGENT).startsWith(SC_BROWSER_HEADER_V)){
			chain.doFilter(httpRequest, response);
			return;
		}else if(url.contains("/ws/")|| url.contains("register.jsp") || url.contains("/agent/register.action")||url.contains("upDetail.jsp")){
			chain.doFilter(httpRequest, response);
			return;
		}else if(url.endsWith(".action")||url.matches(".*/pages/.*\\.jsp")||url.contains("up_plat/pages")){//Session验证拦截
			if(httpRequest.getSession() != null && httpRequest.getSession().getAttribute(Constants.ADMIN_SESSION_KEY) != null){//session不为空 
//			if(true){//零时屏蔽session过滤,控制台访问时无session记录 add by tm 2012-12-26
				//验证url是否有权限。。。
				//List<String> limit=(List<String>) httpRequest.getSession().getAttribute(Constants.ADMIN_LIMIT);
				
				chain.doFilter(httpRequest, response);
				return;
			}else{//session为空
				if(url.contains("/login/login.action")||url.contains("/login/logout.action")||url.contains("/pages/login.jsp")){
					chain.doFilter(httpRequest, response);
					return;
				}else
					httpResponse.sendRedirect(httpRequest.getContextPath()+"/pages/login.jsp");
			}
		}
		chain.doFilter(httpRequest, httpResponse);

	}

	public void init(FilterConfig filterConfig) throws ServletException {
		
	}
}
